{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:24:03.076","vulnerabilities":[{"cve":{"id":"CVE-2017-15697","sourceIdentifier":"security@apache.org","published":"2018-01-23T22:29:00.337","lastModified":"2024-11-21T03:15:01.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release."},{"lang":"es","value":"Una cabecera X-ProxyContextPath o X-Forwarded-Context maliciosa que contenga recursos externos o código embebido puede provocar la ejecución remota de código. La solución para gestionar apropiadamente estas cabeceras se aplicó en la distribución 1.5.0 de Apache NiFi. Los usuarios que ejecuten una distribución 1.x anterior deben actualizarla a la distribución adecuada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.4.0","matchCriteriaId":"B5699FDF-232B-4292-85C3-7835CAC2229B"}]}]}],"references":[{"url":"https://nifi.apache.org/security.html#CVE-2017-15697","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://nifi.apache.org/security.html#CVE-2017-15697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}